LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   setfacl not working for me... how should I do it? (https://www.linuxquestions.org/questions/linux-newbie-8/setfacl-not-working-for-me-how-should-i-do-it-937285/)

Joan Murt 03-30-2012 10:38 AM

setfacl not working for me... how should I do it?
 
Hello all,

I'm using RED HAT ENTERPRISE LINUX 5.

Let's look at this folder layout:

-A
|--B
|--C
|--D
|--E


Let's say that the group G1 has access to the A folder (and all the subfolders).

I have a long samba definition file that uses groups to allow various people to reach folders.

The samba portion that affects the folder A is:

[A]
path = /A
browseable = no
valid users = @G1
write list = @G1
create mask = 0770
directory mask = 0770
force group = @G1
I need to exclude the folders B and C for one user of that group. Is that possible?

I've been trying to use setfacl -x u:user_to_be_excluded /A/B but as the user_to_be_excluded is from the group G1 setfacl is not working...

I've modified the fstab file in order to activate the acl:

LABEL=/A /A ext3 defaults,acl 1 2

And I've restarted the computer.

and I've used mount |grep acl to see that the changes in the fstab file have been applied (and they are).

What would you do in my case?

Thank you in advance!

ericson007 03-31-2012 07:59 AM

Next time after adding the acl to fstab, you can simply run:

#mount -o remount /mount_dir

Next up.

The -x you specify will remove a specific ACL entry. Since you did not make a ACL for the specific user, there is nothing to remove for that user.

Try #setfacl -R -m u:user:--- /path/to/dir

then check with #getfacl

But considering this is SAMBA related, I am not sure it will work. I have never tested it. I know for a fact that this sort of ACL schemes will work with NFS4.

You may want to look at controlling those aspects from the samba server itself, maybe by specifying rules to allow access to those folders on a host based authentication scheme.

Joan Murt 04-01-2012 04:34 AM

could you explain that a little bit more?
 
Quote:

Originally Posted by ericson007 (Post 4641399)
You may want to look at controlling those aspects from the samba server itself, maybe by specifying rules to allow access to those folders on a host based authentication scheme.

I'm really novice and I can't imagine how to do that, it seems that when I set the samba permissions for a group in which that user is I can't remove it specifically for the next folders...

Could you give me some pointers on how to do that? Thank you in advance!

ericson007 04-01-2012 04:47 AM

I am not that familiar with advanced samba configurations either as I never really use it apart from sharing internally.

But you can try changing the share in samba.conf:

[share_name]
path = /path/to/folder
and add
invalid users = user1 user2 etc

The following links may be useful:
http://www.samba.org/samba/docs/man/...html#id2611921
http://www.cyberciti.biz/tips/how-do...ba-shares.html


All times are GMT -5. The time now is 07:07 PM.